Internet Explorer the 'Most Vulnerable' Web Browser of 2014, States Study: Time to Switch to Chrome and Firefox?

Internet explorer has become the subject of varied 'Azero Day' attack mechanisms, by cyber criminals.

Users of Microsoft's Internet Explorer (IE) are most vulnerable to being targeted by hackers and cyber criminals, according to the findings of a latest study. The study, conducted by Bromium Labs, reported that IE was one of the most exploited web browsers during the first half of 2014.

Bromium Labs' latest study also mentions Adobe Flash as being the primary target of cyber-criminals, during the first half of 2014.

The popular plugin was exploited by hackers via 'Zero Day' attacks.

By launching 'Zero Day' attacks, cyber criminals exploit previously known vulnerabilities that developers fail to address in an application.

"The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers," states Bromium Labs, in its research report.

Users of Microsoft's Internet Explorer (IE) are most vulnerable to being targeted by hackers and cyber criminalsBromium

An 'Action Script Spray' exploit also leads to hackers/cyber-criminals bypassing ASLR, and thereby gaining control over an application, and gradually the entire host system.

Along with 'Action Script Spray', hackers also resorted to 'Internet Explorer memory corruption', by using Return Oriented Programming (ROP) techniques, to bypass the default ASLR mechanism.

ROP is a security exploitation mechanism, using which attackers resort to running customised executable codes, even when security mechanisms such as "code signing" and "Executable Space Protection" are enabled.

Exploitations on Adobe Flash

Engineers at Bromium Labs say that hackers and cyber-criminals exploited ActionScript, an object-oriented programming language using which new features for Adobe Flash are developed, via new features that Adobe released in 2013.